CVE-2024-6681

Name of the Vulnerable Software and Affected Versions witmy my-springsecurity-plus up to 2024-07-04

Description A critical issue has been found, affecting some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to SQL injection. The attack may be launched remotely.

Recommendations For witmy my-springsecurity-plus up to 2024-07-04, as a temporary workaround, consider restricting access to the /api/dept endpoint until a patch is available. Avoid using the params.dataScope argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.